HomeAlerts & Advisories

Stay up to date on the latest risks, threats, and product vulnerabilities

Our analysts and researchers unpack emerging vulnerabilties as they happen, to guide clients on how best to react and respond

Aware of an incident impacting your organization? Let us know:

Report an incident
September 27, 2024

Critical Vulnerability in CUPS (CVE-2024-47177)

On September 26th, 2024, an independent researcher disclosed acritical vulnerability in CUPS, a printing software package commonly used in Linux systems. CUPS may be enabled by default on some versions of Linux, meaning a server not intended or used as a printer server may still be vulnerable as a result.

September 13, 2024

Critical Vulnerability in Ivanti EPM (CVE-2024-29847)

On September 10th, 2024, Ivanti published an advisory detailing multiple critical severity vulnerabilities in their Endpoint Management (EPM) product. The EPM product manages IT assets, troubleshooting, and deployment of software and operating systems. A vulnerability in a system with this amount of control over a network environment presents significant risk.

February 19, 2024

Severe Connectwise Screenconnect Vulnerabilities

On February 19th, 2024, ConnectWise published a security bulletin reporting two impactful vulnerabilities in their product ConnectWise. One of these vulnerabilities is particularly severe, with a critical rating of 10.0 on the CVSS scale, indicating the highest level of risk when successfully exploited.

April 12, 2024

Critical Severity Command Injection Vulnerability in Palo Alto Networks Global Protect (CVE-2024-3400)

On April 12, 2024, Palo Alto Networks disclosed a critical command injection vulnerability identified as CVE-2024-3400, impacting certain configurations of its PAN-OS software. This vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges. It affects only devices running PAN-OS 10.2, 11.0, and 11.1 with both GlobalProtect gateway and device telemetry features enabled. Security patches were released on April 14th, and Palo Alto has provided temporary mitigations through “Threat Prevention Signatures”.

April 24, 2024

Sophisticated Attack Against Cisco ASA and FTD Software Leveraging Multiple Vulnerabilities (CVE-2024-20353, CVE-2024-20358, CVE-2024-20359)

On April 24th, Cisco reported on an attack campaign against certain Cisco devices running Cisco Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) Software. The report detailed three vulnerabilities: CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359.

October 16, 2023

Critical Cisco IOS XE Vulnerability

On Monday, October 16th, 2023, Cisco’s Product Security Incident Response Team (PSIRT) released an advisory concerning a critical severity vulnerability (CVSS Base score of 10.0). This vulnerability, known to be actively exploited in the wild, is associated with the Web User Interface (Web UI) feature of Cisco IOS XE software. This vulnerability is of particular concern when the software is exposed to the internet or untrusted networks. The vulnerability has been assigned CVE-2023-20198.

July 14, 2020

Major Vulnerability in Microsoft DNS Needs Action

Microsoft announced a major vulnerability on July 14, 2020, in its Domain Name System (DNS) service component of Windows Server. The issue is documented as CVE-2020-1350 and is rated at the highest possible level of 10 out of 10. Descriptions of the security flaw state that it is ‘wormable’, which means it can be automated to conduct widespread and devastating attacks similar to WannaCry or NotPetya.

Properly Securing Microsoft’s Remote Desktop Gateway

For decades, Microsoft’s Remote Desktop Protocol (RDP) has been used to connect to Windows computers remotely. We covered in detail many of the reasons that RDP itself presents such a high risk when exposed directly to the internet. Microsoft provided a solution to the numerous RDP-related security woes by releasing a service called Remote Desktop Gateway (RDG).

Remote Desktop Protocol: A Virtual Open Door?

Remote Desktop Protocol (RDP) is arguably the most prolific remote access tool in use today. As its name indicates, RDP defines how server and client components communicate in order to provide a graphical interface from one computer to another “remote” computer. Microsoft includes RDP functionality with most versions of its Windows operating system making it very popular and relatively easy to use.

June 27, 2024

Critical Vulnerability in MOVEit Transfer (CVE-2024-5806)

On June 25th, software company Progress publicly disclosed a critical severity vulnerability in their managed file transfer software application, MOVEit Transfer. The vulnerability is being tracked as CVE-2024-5806 and allows a remote attacker to bypass authentication and log in as any valid user on the system.

June 28, 2024

Critical Vulnerability in FileCatalyst Workflow (CVE-2024-5276)

On June 25th, software company Fortra disclosed a critical severity vulnerability in their managed file transfer software application, FileCatalyst Workflow. The vulnerability is being tracked as CVE-2024-5276 which is an SQL Injection vulnerability that allows an attacker to modify application data. File transfer applications are typically deployed exposed to the Internet, and a compromise of this system can grant remote attackers a foothold into an organizations internal network.

July 1, 2024

Critical Vulnerability in OpenSSH (CVE-2024-6387)

On July 1st, Qualys Security publicly disclosed details regarding an impactful vulnerability in OpenSSH, an essential software tool used globally for secure network communications and remote system administration.

July 19, 2024

Guidance & Support: Windows Systems Experiencing Boot Loop Due to CrowdStrike Update

Beazley Security is aware of reports concerning crashes on Windows hosts related to the Falcon Sensor. Beazley Security has written recovery guidance for organizations who are impacted by this issue.

Suffering from an incident and need help?

Activate our IR Team